ForAllValues:BinaryEquals

Warning:

As far as we know ForAllValues: BinaryEquals can never be used because there are no context keys available that are an array of base64-encoded string representations. This is here as an example of how it could work, but if you see this in the wild, it's probably a mistake.

It's totally possible this is a mistake on our part, if you think we got this wrong please send an email to wroooong at cloudcopilot.io and we'll get it fixed up.

ForAllValues: BinaryEquals

ForAllValues: BinaryEquals compares a list of binary values in a request to a list of base64-encoded string representations in your policy. There are no known binary context keys, but this is put here for completeness.

To match a request, the context key can be absent, but if it is present, all of the binary values in the request must match at least one of the base64-encoded string representations in your policy.

You can NOT use policy variables in the value of this operator.

ForAllValues: BinaryEquals in an Allow Statement

Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey: null
Then the result is:
Allowed Allowed Assuming no explicit Deny elsewhere
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - c2lsbGluZXNz
 - c2hlbmFuaWdhbnM=
Then the result is:
Not Allowed Not Allowed Statement does not apply
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - c2lsbGluZXNz
Then the result is:
Not Allowed Not Allowed Statement does not apply
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
Then the result is:
Allowed Allowed Assuming no explicit Deny elsewhere
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - NjRAY2xvdWRjb3BpbG90Lmlv
Then the result is:
Allowed Allowed Assuming no explicit Deny elsewhere
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - NjRAY2xvdWRjb3BpbG90Lmlv
 - c2lsbGluZXNz
Then the result is:
Not Allowed Not Allowed Statement does not apply

ForAllValues: BinaryEquals in a Deny Statement

Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey: null
Then the result is:
Denied Denied
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - c2lsbGluZXNz
 - c2hlbmFuaWdhbnM=
Then the result is:
Not Denied Not Denied May be allowed by another statement
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - c2lsbGluZXNz
Then the result is:
Not Denied Not Denied May be allowed by another statement
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
Then the result is:
Denied Denied
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - NjRAY2xvdWRjb3BpbG90Lmlv
Then the result is:
Denied Denied
Given the Policy Condition:
"ForAllValues:BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - NjRAY2xvdWRjb3BpbG90Lmlv
 - c2lsbGluZXNz
Then the result is:
Not Denied Not Denied May be allowed by another statement